Azure cloud security.jpg

How to Monitor Microsoft Azure Cloud Security

Security Center is an excellent tool for detecting Azure cloud security deficiencies, but it's important to understand where monitoring blind spots may exist.

As beneficial as public clouds like Microsoft Azure may be, the use of such clouds can complicate an organization’s security initiatives. After all, there are security implications associated with every cloud object that an organization creates, and the security best practices that an organization adheres to for its on-premises systems aren’t always well suited to cloud environments. Organizations must also consider the highly dynamic nature of public clouds--enterprises create and delete cloud objects every day, and all of those newly created objects need to be secured.

The good news is that hyperscale cloud providers such as Google, Amazon and Microsoft provide tools that can help organizations holistically manage cloud security. Such tools vary from one provider to the next, but they generally work by analyzing all of the objects an organization has created in the cloud and then providing recommendations for taking care of those objects. One such tool is Microsoft Azure Security Center. Found within the Azure Portal, Azure Security Center provides security health information for the Azure tenant. In doing so, Azure Security Center provides (among other things) a secure score that is similar to the one used in Microsoft 365 environments, a regulatory compliance assessment, and insights and recommendations that an organization can follow to improve its Azure cloud security.

You can see what the Azure Security Center looks like in Figure 1. Even though the dashboard is mostly empty, it can still give you an idea of the types of Azure cloud security information that Security Center provides.

Azure cloud security.jpg

Figure 1

This is the Azure Security Center dashboard.

As helpful as tools like Security Center can be, they do have their limits. Microsoft Azure Security Center uses a collection of rules to detect potential security deficiencies. This means that Azure Security Center detects security deficiencies only if it can analyze a particular resource and if the tool contains rules governing the way that the resource should ideally be configured.

From a practical standpoint, this means that Azure Security Center does a really good job of helping subscribers comply with security best practices for Azure objects. However, it also means that Security Center is not fully comprehensive in its ability to assess an organization’s compliance with security best practices. There will usually be monitoring blind spots that Azure Security Center cannot report on.

Some of these Azure cloud security blind spots are relatively obvious. For example, most enterprises host resources in multiple clouds, and Azure Security Center was never really designed to provide security recommendations for non-Microsoft clouds.

This is not to say that Azure Security Center can’t monitor resources residing outside of the Microsoft Azure cloud. Microsoft actually provides a way to connect non-Azure machines so that they can be monitored using Azure Security Center. The preferred method involves connecting non-Azure machines to an Azure Arc-enabled server.

With that said, there are limits to Azure Security Center’s virtual machine monitoring capabilities, both within and outside of Azure. Suppose that an organization created an Azure virtual machine and deployed a proprietary line of business application onto that virtual machine. Azure would likely be able to monitor the virtual machine’s configuration and some health metrics related to the virtual machine’s operating system. However, Azure Security Center wouldn't be aware of the proprietary application, and would therefore be unable to provide any sort of meaningful insight as to the security of that application.

Competing clouds such as Amazon AWS and Google Cloud represent another potential blind spot for Azure Security Center, which of course was designed to monitor Azure cloud security and not the security of Google or Amazon objects. Even so, it is possible to display Google and AWS security findings within Azure Security Center by onboarding the competing cloud platforms.

To give you an example of how this works, Azure Security Center is incapable of natively monitoring the security status of most AWS objects. However, Amazon has its own tool called the AWS Security Hub that performs a similar function as Azure Security Center. Microsoft provides a way of integrating the AWS Security Hub into the Azure Security Center, thereby allowing Azure to provide visibility into both environments.

Ultimately, Azure Security Center is an excellent tool for detecting security deficiencies in the Azure cloud. The trick to using it effectively, however, is to understand where monitoring blind spots may exist and what you can do to monitor non-Azure resources.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish